Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2007-02-13 |
| Product | Windows Live Onecare | Last view | 2011-02-25 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:microsoft:windows_live_onecare:*:*:*:*:*:*:*:* | 4 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2011-02-25 | CVE-2011-0037 | Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key. |
| 5 | 2008-05-13 | CVE-2008-1438 | Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437. |
| 5 | 2008-05-13 | CVE-2008-1437 | Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438. |
| 9.3 | 2007-02-13 | CVE-2006-5270 | Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (2) | CWE-399 | Resource Management Errors |
| 33% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:13981 | Microsoft Malware Protection Engine Vulnerability-I |
| oval:org.mitre.oval:def:14375 | Microsoft Malware Protection Engine Vulnerability-II |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 71017 | Microsoft Malware Protection Engine (MMPE) Crafted Registry Key Local Privile... |
| 45028 | Microsoft Malware Protection Engine File Parsing Disk-space Exhaustion DoS |
| 45027 | Microsoft Malware Protection Engine File Parsing Service DoS |
| 31888 | Microsoft Malware Protection Engine PDF File Parsing Remote Code Execution |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Malware Protection Engine elevation of privilege attempt RuleID : 18501 - Type : OS-WINDOWS - Revision : 9 |
| 2014-01-10 | Microsoft Malware Protection Engine file processing denial of service attempt RuleID : 17306 - Type : OS-WINDOWS - Revision : 10 |
| 2014-01-10 | Microsoft malware protection engine denial of service attempt RuleID : 13802 - Type : OS-WINDOWS - Revision : 7 |
| 2014-01-10 | Microsoft malware protection engine denial of service attempt RuleID : 13798 - Type : OS-WINDOWS - Revision : 8 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2011-02-25 | Name: The remote host has an application that is affected by a local privilege esca... File: smb_kb2491888.nasl - Type: ACT_GATHER_INFO |
| 2008-05-13 | Name: It is possible to crash the antimalware program. File: smb_nt_ms08-029.nasl - Type: ACT_GATHER_INFO |
| 2007-02-13 | Name: Arbitrary code can be executed on the remote host through the AntiMalware pro... File: smb_nt_ms07-010.nasl - Type: ACT_GATHER_INFO |
